Using nslookup to verify DNS registration for domain controllers

The nslookup command is a standard command-line tool provided in most DNS service implementations. It offers the ability to perform query testing of DNS servers and obtain detailed responses as the command output. This information is useful in troubleshooting name resolution problems, verifying that resource records (RRs) are added or updated correctly in a zone, and debugging other server-related problems.

When trying to join a Windows 2003 domain controller using its NetBIOS name, you may receive this message: “A domain controller for the domain could not be contacted”. A common cause of this error is that the DNS SRV records required to locate a domain controller for the domain are not registered in DNS. These records are registered with a DNS server automatically when a domain controller is added to a domain.

To verify DNS registration for domain controllers, we may use the nslookup command. At the Command Prompt, type:

nslookup
Read the rest of this entry »
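The entry stops at launching nslookup. As an added example (not code from the original post), the following Python builds the same SRV query that nslookup sends once you enter `set type=SRV` and the locator name, then parses the reply, so the check can be scripted and the returned host/port verified. It assumes the standard Active Directory locator record `_ldap._tcp.dc._msdcs.<domain>`; the domain `example.com`, the target `dc1.example.com` and the sample reply bytes are constructed for illustration.

```python
"""Build a DNS SRV query for the domain-controller locator record and parse the answer.

Added example, not from the original post. Assumes the standard AD locator name
_ldap._tcp.dc._msdcs.<domain>; domain, target host and sample reply are constructed.
"""
import socket
import struct

QTYPE_SRV = 33
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero-length label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dc_locator_name(domain):
    """Name of the SRV record a client queries to find an LDAP-capable DC."""
    return "_ldap._tcp.dc._msdcs." + domain.rstrip(".")


def build_srv_query(name, txid):
    """RFC 1035 header (recursion desired, one question) followed by the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_SRV, QCLASS_IN)


def read_name(data, offset):
    """Decode a possibly-compressed name; return (name, offset just past it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:          # compression pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_srv_response(data, expected_txid):
    """Return sorted [(priority, weight, port, target)] from the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    if rcode != 0:                          # 3 = NXDOMAIN: the record was never registered
        raise ValueError("server returned RCODE %d" % rcode)
    offset = 12
    for _ in range(qd):                     # skip the echoed question(s)
        _, offset = read_name(data, offset)
        offset += 4
    records = []
    for _ in range(an):
        _, offset = read_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_SRV and rclass == QCLASS_IN:
            prio, weight, port = struct.unpack("!HHH", data[offset:offset + 6])
            target, _ = read_name(data, offset + 6)
            records.append((prio, weight, port, target))
        offset += rdlen
    return sorted(records)


def build_sample_response(txid, name, target, port=389):
    """Constructed reply: one SRV answer whose name is a pointer to the question at offset 12."""
    question = encode_name(name) + struct.pack("!HH", QTYPE_SRV, QCLASS_IN)
    rdata = struct.pack("!HHH", 0, 100, port) + encode_name(target)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_SRV, QCLASS_IN, 600, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer


def query_resolver(resolver_ip, name, txid, timeout=3.0):
    """Send the query over UDP/53 to a real resolver (not exercised offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(name, txid), (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    return parse_srv_response(data, txid)


if __name__ == "__main__":
    name = dc_locator_name("example.com")
    reply = build_sample_response(0x1234, name, "dc1.example.com")
    for prio, weight, port, target in parse_srv_response(reply, 0x1234):
        print("%s -> %s:%d (priority %d, weight %d)" % (name, target, port, prio, weight))
```

An NXDOMAIN reply (RCODE 3) for this name is the scripted equivalent of the error in the post: the domain controller's SRV records are missing from the zone the client's resolver serves.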

Disable unnecessary network services for security

Whether it is a Windows PC, router, switch, Linux machine or network-enabled device, it is recommended to stop unnecessary services that run by default. Every running but unused service on your system is an unnecessary security vulnerability. Users may not even be aware that many of these services are running. Each additional service running on a system may be a possible avenue for a network cracker to penetrate it.

It is important to know the security implications of any network service before enabling it. For example, if the telnet service is activated, a telnet client running on another device on the network can easily establish a telnet session to the system; it needs only the address of the system and the port or socket number of the network service running on it. The rule of thumb for TCP and UDP ports is: turn off any services or listeners that you do not need for your application to function. One way to check the list of ports open on your system is to go to one of the many web sites that can run a remote scan of your system and tell you how secure the system is.
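A remote scan shows what the Internet sees; the complementary check is a local inventory of listening sockets compared against an allowlist of the services you actually need. The following added example (not from the original post) does that over constructed `netstat -an` output in the Windows format; the sample lines, the allowlist and the port-name table are assumptions made for the illustration.

```python
"""Flag listening TCP/UDP sockets that are not on an allowlist of needed services.

Added example, not from the original post. The netstat text below is constructed
to look like Windows `netstat -an` output; it is not a real capture.
"""

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49200     93.184.216.34:443      ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
  UDP    0.0.0.0:5353           *:*
"""

# Friendly names for the ports used in the sample (assumed mapping, IANA registrations).
WELL_KNOWN = {23: "telnet", 135: "msrpc", 445: "smb", 161: "snmp",
              5353: "mdns", 5432: "postgresql"}


def split_endpoint(endpoint):
    """'[::]:135' -> ('::', 135); '0.0.0.0:23' -> ('0.0.0.0', 23)."""
    host, port = endpoint.rsplit(":", 1)
    return host.strip("[]"), int(port)


def listening_sockets(text):
    """Return [(proto, bind_addr, port)] for every TCP LISTENING socket and every UDP socket."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                       # header, blank and banner lines
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue                       # established/time-wait entries are not listeners
        host, port = split_endpoint(local)
        found.append((proto, host, port))
    return found


def exposure(bind_addr):
    """Whether the listener is reachable from the network or only from the host itself."""
    if bind_addr in ("127.0.0.1", "::1"):
        return "loopback-only"
    if bind_addr in ("0.0.0.0", "::"):
        return "all-interfaces"
    return "interface " + bind_addr


def unexpected_listeners(text, allowlist):
    """Listeners whose (proto, port) is not allowlisted, as sorted (proto, port, name, exposure)."""
    report = set()
    for proto, host, port in listening_sockets(text):
        if (proto, port) in allowlist:
            continue
        report.add((proto, port, WELL_KNOWN.get(port, "unknown"), exposure(host)))
    return sorted(report)


if __name__ == "__main__":
    needed = {("TCP", 135), ("TCP", 445)}   # assumed: what this host is supposed to offer
    for proto, port, name, where in unexpected_listeners(SAMPLE_NETSTAT, needed):
        print("%s/%d (%s) listening on %s: not on the allowlist" % (proto, port, name, where))
```

Run on a real host, feed it the output of `netstat -an` and a list of the services the machine is meant to provide; anything reported bound to all interfaces is the first candidate to disable or firewall.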

The 88 Best Freeware

Freeware that I think is useful are now available at:

The 88 Best Freeware

This site will list at most the 88 best freeware programs I have found so far and will find in the near future. The total is not 88 yet. I will add to it whenever I find something good!

DNS - the basic TCP/IP system

DNS, or the Domain Name System, is one of the base system services in TCP/IP. It is used by e-mail systems, Windows Active Directory, any web access and so on. Without DNS, a user would need to know the IP addresses of all the services s/he uses.

Understanding DNS is a must in managing a network system. As mentioned, almost all network services require the service of a DNS. A problem in DNS will make everything stop working properly. Using a DNS tool like nslookup may be useful in troubleshooting these problems.

Print using IPP via HTTP or HTTPS

The Internet Printing Protocol (IPP) is a standard network protocol for remote printing as well as managing print jobs, media size, resolution, and so forth in distributed environments.

The idea behind IPP is to define a protocol for end users to print over the Internet, providing users with the same printing controls and concepts that they use to print locally or to LAN-attached printers. There are two main components to IPP:

- Web-based printer management which offers the ability to administer, to connect to, and to view printers by using a Web browser.
- Internet printing which allows you to use the printer’s URL to connect to a printer.

In IPP, print jobs are sent using Hypertext Transfer Protocol (HTTP), the same protocol used to connect to web pages. Unlike other printing protocols, IPP also supports access control, authentication, and encryption, making it a much more capable and secure printing solution than older ones.

As IPP transfers are made using HTTP v1.1, once a connection is made, multiple commands (files) can be sent over a single TCP connection. However, by using HTTP/1.1, IPP faces criticism for protocol overloading. This allegedly makes for a more complex and bloated protocol and implementation than necessary; for example, the venerable lp protocol was extended to cover the same functionality.

Anyway, the advantage of implementing IPP on top of HTTP is in the fact that the latter protocol is already well-tested on the Internet as a method to transfer files, which enables reuse of proven, well-tested and debugged client and server code.

It is a design goal of IPP not to invent new security features when existing protocols can be used. For example, the original RFC suggested that authorization be done via HTTP’s Digest access authentication mechanism or via SSL3. Encryption is not done by IPP itself either, but it may be handled by the SSL/TLS protocol layer.

Because the service is using HTTP or HTTPS, this is typically port 80 or port 443. As IPP supports HTTPS traffic, communication can be encrypted, depending on the user’s Internet browser settings. IPP printing via HTTPS is offered in Windows XP and Windows Server 2003. Windows Vista and Windows Server 2008 also support IPP printing over RPC in Medium-Low security zone. IPP uses the client/server model, where the client resides in a PC or workstation and the server is embedded in a printer device or resides in a separate print server machine. The process is as follows:
Read the rest of this entry »
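To make the "IPP rides on HTTP" point concrete, here is an added example (not from the original post, and not a printer vendor's code) that encodes an IPP Get-Printer-Attributes request in the binary form defined by the IPP encoding specification, decodes it back, and wraps it in the HTTP/1.1 POST that carries it, with `Content-Type: application/ipp`. The request identifier, printer URI and attribute values are constructed. The default port 631 comes from the `ipp:`/`ipps:` URI schemes (IANA-registered for IPP), not from the post; an `ipps://` URI means the same bytes are sent over HTTPS, which is where authentication and encryption live, as the post describes.

```python
"""Encode/decode an IPP Get-Printer-Attributes request and frame it as an HTTP POST.

Added example, not from the original post. Tags and operation id follow the IPP
encoding spec (RFC 8010/8011); printer URI and request id are constructed values.
"""
import struct
from urllib.parse import urlparse

IPP_VERSION = (2, 0)
OP_GET_PRINTER_ATTRIBUTES = 0x000B
TAG_OPERATION_ATTRS, TAG_END = 0x01, 0x03          # delimiter tags (< 0x10)
TAG_URI, TAG_CHARSET, TAG_NATURAL_LANGUAGE = 0x45, 0x47, 0x48   # value tags


def _attribute(tag, name, value):
    """One attribute-with-one-value: tag, name-length, name, value-length, value."""
    n, v = name.encode("ascii"), value.encode("utf-8")
    return bytes([tag]) + struct.pack("!H", len(n)) + n + struct.pack("!H", len(v)) + v


def build_get_printer_attributes(printer_uri, request_id=1):
    """8-byte header, then the operation-attributes group every request must start with."""
    msg = struct.pack("!BBHI", IPP_VERSION[0], IPP_VERSION[1],
                      OP_GET_PRINTER_ATTRIBUTES, request_id)
    msg += bytes([TAG_OPERATION_ATTRS])
    msg += _attribute(TAG_CHARSET, "attributes-charset", "utf-8")
    msg += _attribute(TAG_NATURAL_LANGUAGE, "attributes-natural-language", "en")
    msg += _attribute(TAG_URI, "printer-uri", printer_uri)
    return msg + bytes([TAG_END])


def parse_ipp_message(data):
    """Decode header and attribute groups into {name: [(tag, raw_value), ...]} per group."""
    major, minor, op, req_id = struct.unpack("!BBHI", data[:8])
    offset, groups, current, last_name = 8, [], None, None
    while offset < len(data):
        tag = data[offset]
        offset += 1
        if tag == TAG_END:
            break
        if tag < 0x10:                      # delimiter tag: start of a new attribute group
            current = (tag, {})
            groups.append(current)
            continue
        if current is None:
            raise ValueError("attribute before any group delimiter")
        name_len = struct.unpack("!H", data[offset:offset + 2])[0]
        offset += 2
        name = data[offset:offset + name_len].decode("utf-8")
        offset += name_len
        value_len = struct.unpack("!H", data[offset:offset + 2])[0]
        offset += 2
        value = data[offset:offset + value_len]
        offset += value_len
        if name_len == 0:                   # additional value of the previous attribute
            name = last_name
        last_name = name
        current[1].setdefault(name, []).append((tag, value))
    return {"version": (major, minor), "operation_id": op,
            "request_id": req_id, "groups": groups}


def http_post_for(printer_uri, ipp_body):
    """Return (transport, host, port, raw_request): the HTTP POST that carries the IPP body."""
    u = urlparse(printer_uri)
    if u.scheme not in ("ipp", "ipps"):
        raise ValueError("expected an ipp:// or ipps:// URI")
    port = u.port or 631                    # default port of the ipp/ipps URI schemes
    transport = "https" if u.scheme == "ipps" else "http"   # ipps = IPP over TLS
    head = ("POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Type: application/ipp\r\n"
            "Content-Length: %d\r\n\r\n") % (u.path or "/", u.hostname, port, len(ipp_body))
    return transport, u.hostname, port, head.encode("ascii") + ipp_body


if __name__ == "__main__":
    uri = "ipps://printer.example.com/ipp/print"      # constructed printer URI
    body = build_get_printer_attributes(uri, request_id=7)
    transport, host, port, raw = http_post_for(uri, body)
    print("send over %s to %s:%d, %d bytes of application/ipp" % (transport, host, port, len(body)))
    print(parse_ipp_message(body)["groups"][0][1]["printer-uri"])
```

Because the body is an ordinary HTTP entity, everything the post lists (Digest authentication, TLS, access control) is enforced by the HTTP server or proxy in front of the printer, not by the IPP encoding itself.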

Using POP3 not SMTP to retrieve email

The Post Office Protocol version 3 (POP3) as defined in RFC1939 is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. The protocol defines how the server responds to requests sent from an e-mail client.

A POP3 mail server receives e-mails and filters them into the appropriate user folders. The POP3 service makes e-mail messages available for download from a server, enabling a server to host e-mail accounts and provide basic e-mail access. When a user connects to the mail server to retrieve his mail, the messages are downloaded from mail server to the user’s hard disk. Virtually all modern e-mail clients and servers support this protocol.

POP3 works over a TCP/IP connection using TCP on network port 110. POP3 listens on this TCP port 110 for connections from e-mail clients, authenticates the client, and manages the connection with the client. The design of POP3 and its procedures supports end-users with intermittent connections (such as dial-up connections), allowing these users to retrieve e-mail when connected and then to view and manipulate the retrieved messages without needing to stay connected. Although most clients have an option to leave mail on server, e-mail clients using POP3 generally connect, retrieve all messages, store them on the user’s PC as new messages, delete them from the server, and then disconnect.
Read the rest of this entry »
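The POP3 behaviour described above (authenticate, retrieve everything, delete, disconnect) is easy to see in a working state machine. The following added example, not from the original post, implements the server side of the RFC 1939 AUTHORIZATION, TRANSACTION and UPDATE states over an in-memory maildrop and drives it with a typical client sequence. The mailbox contents, user name and password are constructed. It deliberately shows two details the prose only hints at: the USER/PASS credentials travel in clear text (which is why real deployments wrap POP3 in TLS), and messages marked with DELE are only removed at QUIT, so a dropped connection leaves the maildrop untouched.

```python
"""Minimal POP3 (RFC 1939) server-side state machine with a scripted client.

Added example, not from the original post. Maildrop, user and password are
constructed; byte-stuffing of lines beginning with '.' is omitted for brevity.
"""
import hmac


class Pop3Session:
    """One client connection: AUTHORIZATION -> TRANSACTION -> UPDATE."""

    def __init__(self, maildrops, passwords):
        self.maildrops = maildrops      # user -> list of message texts
        self.passwords = passwords      # user -> password; compared in constant time
        self.state = "AUTHORIZATION"
        self.user = None
        self.deleted = set()            # indices marked by DELE, applied only at QUIT

    def handle(self, line):
        """Process one command line and return the server's reply (without CRLF)."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(cmd, arg)
        if self.state == "TRANSACTION":
            return self._transaction(cmd, arg)
        return "-ERR session closed"

    def _authorization(self, cmd, arg):
        if cmd == "USER":
            self.user = arg
            return "+OK"
        if cmd == "PASS":                   # password arrives in clear text on port 110
            expected = self.passwords.get(self.user or "", "")
            if self.user in self.maildrops and hmac.compare_digest(expected, arg):
                self.state = "TRANSACTION"
                return "+OK maildrop locked and ready"
            return "-ERR invalid credentials"   # same reply for unknown user or bad password
        if cmd == "QUIT":
            self.state = "UPDATE"
            return "+OK"
        return "-ERR not authenticated"

    def _live(self):
        """Indices of messages not yet marked for deletion."""
        return [i for i in range(len(self.maildrops[self.user])) if i not in self.deleted]

    def _index(self, arg):
        try:
            i = int(arg) - 1                # POP3 numbers messages from 1
        except ValueError:
            return None
        return i if i in self._live() else None

    def _transaction(self, cmd, arg):
        msgs = self.maildrops[self.user]
        if cmd == "STAT":
            live = self._live()
            return "+OK %d %d" % (len(live), sum(len(msgs[i]) for i in live))
        if cmd == "LIST":
            return "+OK\r\n" + "".join("%d %d\r\n" % (i + 1, len(msgs[i])) for i in self._live()) + "."
        if cmd in ("RETR", "DELE"):
            i = self._index(arg)
            if i is None:
                return "-ERR no such message"
            if cmd == "RETR":
                return "+OK %d octets\r\n%s\r\n." % (len(msgs[i]), msgs[i])
            self.deleted.add(i)
            return "+OK message %d deleted" % (i + 1)
        if cmd == "RSET":
            self.deleted.clear()
            return "+OK"
        if cmd == "QUIT":                   # enter UPDATE: deletions take effect now
            self.maildrops[self.user] = [m for i, m in enumerate(msgs) if i not in self.deleted]
            self.state = "UPDATE"
            return "+OK goodbye"
        return "-ERR unknown command"


def download_and_delete(session, user, password):
    """The typical client in the post: fetch every message, mark each deleted, QUIT."""
    if not session.handle("USER " + user).startswith("+OK"):
        return None
    if not session.handle("PASS " + password).startswith("+OK"):
        return None
    count = int(session.handle("STAT").split()[1])
    fetched = []
    for n in range(1, count + 1):
        reply = session.handle("RETR %d" % n)
        body = reply.split("\r\n", 1)[1].rsplit("\r\n.", 1)[0]
        fetched.append(body)
        session.handle("DELE %d" % n)
    session.handle("QUIT")
    return fetched


if __name__ == "__main__":
    drops = {"alice": ["Subject: one\r\n\r\nhello", "Subject: two\r\n\r\nworld"]}
    s = Pop3Session(drops, {"alice": "s3cret"})
    print(download_and_delete(s, "alice", "s3cret"), "left on server:", drops["alice"])
```

The "leave mail on server" option most clients offer is simply this loop without the DELE commands.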

Trouble shoot domain name issue using nslookup

nslookup is a computer program used in Windows and Unix to query Domain Name System (DNS) servers to find DNS details, including IP addresses of a particular computer, MX records for a domain and the NS servers of a domain. The name nslookup means “name server lookup”.

nslookup is also used as a command-line administrative tool for testing and troubleshooting DNS servers. In the simplest usage, if you enter a domain name, you get back the IP address to which it corresponds, and if you enter an IP address, you get back the domain name to which it corresponds.

There are two modes available in nslookup: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain. The following is an example of using the interactive mode of nslookup.

C:\>nslookup
Default Server: dns3.maxonline.com.sg
Address: 202.156.1.58

> ifreetuition.com
Server: dns3.maxonline.com.sg
Address: 202.156.1.58

Non-authoritative answer:
Name: ifreetuition.com
Address: 74.220.215.82

Read the rest of this entry »

Study of ARP using Wireshark

Wireshark is a very useful tool for the study of network protocols!

In my previous post on ARP, we learned some basics about the ARP protocol. Let’s look in more detail at the ARP request packet in this post.

When the MAC address for a next hop device is not found in the local ARP cache, a broadcast is sent out on the network, with a special format called the ARP request. The following diagram shows an example of an ARP request packet captured using Wireshark.

As shown in the diagram, the ARP packet is contained directly in an Ethernet frame and does not have an IP header. On Ethernet networks, these packets use an EtherType of 0x0806, as indicated in the Packet Details pane of Wireshark.

As the Ethernet protocol specification only assigns a single type value to ARP, an Ethernet frame that contains an ARP request or an ARP response message will have the same type indicated. As such, the receiver must examine the Opcode field in the ARP packet to determine whether it is an ARP request or an ARP response message.
Read the rest of this entry »

ICMP report network error

ICMP, or the Internet Control Message Protocol, is one of the most important network protocols in the TCP/IP protocol suite. The Internet Protocol is not designed to be absolutely reliable. As such, ICMP is designed to be used by networked computers’ operating systems to send error messages indicating that a requested service is not available or that a PC or router could not be reached.

In a TCP/IP network, every router on the network that forwards an IP datagram has to decrement the time to live (TTL) field of the IP header by one. When the TTL field reaches 0, an ICMP TTL exceeded in transit message is sent back to the source of the datagram. This attribute is utilized by many commonly used network utilities like traceroute and ping.

Basically, the traceroute command is implemented by sending UDP datagrams with specially set IP TTL header fields. When the TTL reaches 0 in transit, the router returns the ICMP “TTL exceeded in transit” message described above, and once a probe finally reaches the destination an ICMP “Destination unreachable” message is generated. The ping utility, in turn, is implemented using the ICMP “Echo request” and “Echo reply” messages. In the following ping test example, the output of ping tells us that network connectivity to www.google.com is working. It also tells us the time each packet took to return.

C:\>ping www.google.com

Pinging www.l.google.com [216.239.61.104] with 32 bytes of data:

Reply from 216.239.61.104: bytes=32 time=13ms TTL=246
Reply from 216.239.61.104: bytes=32 time=11ms TTL=246
Reply from 216.239.61.104: bytes=32 time=12ms TTL=246
Reply from 216.239.61.104: bytes=32 time=10ms TTL=246

Ping statistics for 216.239.61.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 13ms, Average = 11ms

Read the rest of this entry »
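To show the ICMP messages that ping and traceroute rely on at the byte level, here is an added example that is not part of the original post. It builds an Echo Request with the RFC 1071 checksum, builds the two error messages a router or destination returns (Time Exceeded and Destination Unreachable, each quoting the offending IP header plus the first 8 bytes of its payload, as RFC 792 specifies), and parses them back the way traceroute does to match a reply to the probe it sent. All addresses, ports and identifiers are constructed sample values.

```python
"""Build and parse the ICMP messages behind ping and traceroute.

Added example, not from the original post. Addresses (192.0.2.x documentation
range), ports and identifiers are constructed sample values.
"""
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 3, 8, 11
TYPE_NAMES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request", 11: "time-exceeded"}
UNREACH_CODES = {0: "net-unreachable", 1: "host-unreachable", 3: "port-unreachable"}


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def inet_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words (used by IP, ICMP, UDP, TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(msg):
    """A message whose checksum field is correct sums to zero."""
    return inet_checksum(msg) == 0


def build_echo_request(ident, seq, payload):
    """What ping sends: type 8, code 0, identifier, sequence, arbitrary payload."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def build_ipv4_udp_probe(src_ip, dst_ip, ttl, sport, dport, payload_len=32):
    """IPv4 + UDP headers of a traceroute-style probe (payload omitted; only 28 bytes get quoted)."""
    total = 20 + 8 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0, ttl, 17, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    udp = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    return ip + udp


def build_error_message(icmp_type, code, original_datagram):
    """Time Exceeded / Destination Unreachable: 4 unused bytes, then IP header + first 8 bytes."""
    quoted = original_datagram[:28]
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = inet_checksum(header + quoted)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + quoted


def parse_icmp(msg):
    """Classify a message and, for error types, decode the quoted datagram."""
    if len(msg) < 8 or not checksum_ok(msg):
        raise ValueError("short or corrupt ICMP message")
    itype, code = msg[0], msg[1]
    info = {"type": itype, "code": code, "name": TYPE_NAMES.get(itype, "other")}
    if itype in (ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST):
        info["ident"], info["seq"] = struct.unpack("!HH", msg[4:8])
        info["payload"] = msg[8:]
    elif itype in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        if itype == ICMP_DEST_UNREACH:
            info["reason"] = UNREACH_CODES.get(code, "code-%d" % code)
        q = msg[8:]                         # the datagram that triggered the error
        ihl = (q[0] & 0x0F) * 4
        quoted = {"src": ip_str(q[12:16]), "dst": ip_str(q[16:20]), "ttl": q[8], "proto": q[9]}
        if q[9] == 17:                      # UDP: the first 8 payload bytes are its header
            quoted["sport"], quoted["dport"] = struct.unpack("!HH", q[ihl:ihl + 4])
        info["quoted"] = quoted
    return info


def matches_probe(info, dst_ip, dport):
    """How traceroute ties an ICMP error back to the probe it sent: quoted dst + UDP port."""
    q = info.get("quoted")
    return bool(q) and q["dst"] == dst_ip and q.get("dport") == dport


if __name__ == "__main__":
    probe = build_ipv4_udp_probe("192.0.2.10", "192.0.2.99", ttl=1, sport=40000, dport=33434)
    hop_reply = build_error_message(ICMP_TIME_EXCEEDED, 0, probe)
    print(parse_icmp(hop_reply))
    print(parse_icmp(build_echo_request(0x1234, 1, b"abcdefgh")))
```

The checksum check in `parse_icmp` is the same test a host performs before trusting any ICMP message; the quoted-datagram match is why a Time Exceeded for someone else's traffic does not confuse your traceroute.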

ARP resolves MAC address from IP address

A PC in an Ethernet network can communicate with another PC only if it knows the Ethernet address (MAC address) of that PC. The Address Resolution Protocol (ARP) is a network protocol used to translate a PC’s IP address to its physical (hardware) address. From the OSI model’s point of view, ARP belongs to the data link layer (Layer 2).

When a PC needs to resolve a given IP address to an Ethernet address, an ARP request packet is broadcast to the whole network. This ARP request packet contains the source MAC address, the source IP address and the destination IP address. Every PC in the local network receives this packet, whether it is connected to a hub or a switch, as this is a broadcast packet. This ARP request is then processed by all the PCs in the network, and the PC with the specified destination IP address sends an ARP reply packet to the originating host with its MAC and IP address.

ARP maintains the mapping between IP addresses and MAC addresses in a table in memory called the ARP cache. To display the current ARP entries, execute the arp command with the “-a” option.

C:\>arp -a

Interface: 202.156.207.116 --- 0x2
  Internet Address      Physical Address      Type
  202.156.200.1         00-30-b8-c7-d9-90     dynamic

Read the rest of this entry »
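The following added example (not from this post or the earlier "Study of ARP using Wireshark" post) covers both entries: it builds and parses the raw Ethernet frame that carries an ARP request or reply, showing the 0x0806 EtherType and the Opcode field that tells them apart, and it keeps a small ARP cache like the table `arp -a` prints. Because the cache learns from any reply it sees, the example also flags the condition a defender watches for in captures: an IP address whose MAC changes, or a frame whose Ethernet source differs from the ARP sender address. The MAC addresses of the requesting PC and the gateway are constructed sample values; the IP addresses reuse the ones shown in the `arp -a` output above.

```python
"""Build/parse ARP-over-Ethernet frames and maintain a checked ARP cache.

Added example, not from the original posts. MAC addresses are constructed;
IP addresses are the ones from the `arp -a` output in the post.
"""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff-ff-ff-ff-ff-ff"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split("-"))


def mac_str(b):
    return "-".join("%02x" % x for x in b)


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """14-byte Ethernet header + 28-byte ARP body (IPv4 over Ethernet); no IP header."""
    eth_dst = BROADCAST if opcode == ARP_REQUEST else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype 1 = Ethernet, ptype 0x0800 = IPv4, hlen 6, plen 4, then the opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp_frame(frame):
    """Decode the fields Wireshark shows in its Packet Details pane."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not ARP: EtherType 0x%04x" % ethertype)
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol combination")
    body = frame[22:42]
    return {
        "eth_src": mac_str(eth_src), "eth_dst": mac_str(eth_dst),
        "opcode": opcode, "kind": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(opcode, "other"),
        "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
        "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20]),
    }


class ArpCache:
    """The IP -> MAC table `arp -a` displays, learned from replies, with consistency alerts."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame):
        pkt = parse_arp_frame(frame)
        if pkt["kind"] != "reply":
            return pkt                       # requests only tell us who is asking
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append("%s changed from %s to %s" % (ip, old, mac))
        if pkt["eth_src"] != mac:
            self.alerts.append("Ethernet source %s differs from ARP sender %s" % (pkt["eth_src"], mac))
        self.table[ip] = mac
        return pkt

    def display(self):
        """Same layout as the `arp -a` listing in the post."""
        lines = ["  Internet Address      Physical Address      Type"]
        for ip, mac in sorted(self.table.items()):
            lines.append("  %-21s %-21s dynamic" % (ip, mac))
        return "\n".join(lines)


if __name__ == "__main__":
    cache = ArpCache()
    cache.observe(build_arp_frame(ARP_REQUEST, "00-11-22-33-44-55", "202.156.207.116",
                                  "00-00-00-00-00-00", "202.156.200.1"))
    cache.observe(build_arp_frame(ARP_REPLY, "00-30-b8-c7-d9-90", "202.156.200.1",
                                  "00-11-22-33-44-55", "202.156.207.116"))
    print(cache.display())
```

A reply that changes the gateway's entry to a different MAC is exactly what the `alerts` list surfaces; on a real capture that line is the first thing to check against the switch's port-to-MAC table.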